Author: joeyh
Date: 2006-08-17 21:15:15 +0000 (Thu, 17 Aug 2006)
New Revision: 4591
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2006-08-17 20:55:20 UTC (rev 4590)
+++ data/CVE/list 2006-08-17 21:15:15 UTC (rev 4591)
@@ -1,7 +1,251 @@
+CVE-2006-4194 (** DISPUTED ** ...)
+ TODO: check
+CVE-2006-4193 (Microsoft Internet Explorer 6.0 SP1 and possibly other versions
allows ...)
+ TODO: check
+CVE-2006-4192 (Multiple buffer overflows in MODPlug Tracker (OpenMPT)
1.17.02.43 and ...)
+ TODO: check
+CVE-2006-4191 (Directory traversal vulnerability in memcp.php in XMB (Extreme
Message ...)
+ TODO: check
+CVE-2006-4190 (Directory traversal vulnerability in autohtml.php in the
AutoHTML ...)
+ TODO: check
+CVE-2006-4189 (Multiple PHP remote file inclusion vulnerabilities in Dolphin
5.1 ...)
+ TODO: check
+CVE-2006-4188 (Unspecified vulnerability in the LP subsystem in HP-UX B.11.00,
...)
+ TODO: check
+CVE-2006-4187 (Unspecified vulnerability in HP-UX B.11.00, B.11.11 and B.11.23,
when ...)
+ TODO: check
+CVE-2006-4186 (The iManager in eMBoxClient.jar in Novell eDirectory 8.7.3.8
writes ...)
+ TODO: check
+CVE-2006-4185 (Unspecified vulnerability in the NCPENGINE in Novell eDirectory
...)
+ TODO: check
+CVE-2006-4184 (SmartLine DeviceLock before 5.73 Build 305 does not properly
enforce ...)
+ TODO: check
+CVE-2006-4183
+ RESERVED
+CVE-2006-4182
+ RESERVED
+CVE-2006-4181
+ RESERVED
+CVE-2006-4180
+ RESERVED
+CVE-2006-4179
+ RESERVED
+CVE-2006-4178
+ RESERVED
+CVE-2006-4177
+ RESERVED
+CVE-2006-4176
+ RESERVED
+CVE-2006-4175
+ RESERVED
+CVE-2006-4174
+ RESERVED
+CVE-2006-4173
+ RESERVED
+CVE-2006-4172
+ RESERVED
+CVE-2006-4171
+ RESERVED
+CVE-2006-4170
+ RESERVED
+CVE-2006-4169
+ RESERVED
+CVE-2006-4168
+ RESERVED
+CVE-2006-4167
+ RESERVED
+CVE-2006-4166 (PHP remote file inclusion vulnerability in TinyWebGallery 1.5
and ...)
+ TODO: check
+CVE-2006-4165 (Cross-site scripting (XSS) vulnerability in NetCommons 1.0.8 and
...)
+ TODO: check
+CVE-2006-4164 (PHP remote file inclusion vulnerability in inc/header.inc.php in
...)
+ TODO: check
+CVE-2006-4163 (** DISPUTED ** ...)
+ TODO: check
+CVE-2006-4162 (Cross-site scripting (XSS) vulnerability in Dragonfly CMS
9.0.6.1 and ...)
+ TODO: check
+CVE-2006-4161 (Directory traversal vulnerability in the avatar_gallery action
in ...)
+ TODO: check
+CVE-2006-4160 (Multiple PHP remote file inclusion vulnerabilities in Tony Bibbs
and ...)
+ TODO: check
+CVE-2006-4159 (Multiple PHP remote file inclusion vulnerabilities in Chaussette
...)
+ TODO: check
+CVE-2006-4158 (PHP remote file inclusion vulnerability in Login.php in
Spaminator 1.7 ...)
+ TODO: check
+CVE-2006-4157 (Cross-site scripting (XSS) vulnerability in index.php in Yet
another ...)
+ TODO: check
+CVE-2006-4156 (** DISPUTED ** ...)
+ TODO: check
+CVE-2006-4155 (Unspecified vulnerability in func_topic_threaded.php (aka
threaded ...)
+ TODO: check
+CVE-2006-4154
+ RESERVED
+CVE-2006-4153
+ RESERVED
+CVE-2006-4152
+ RESERVED
+CVE-2006-4151
+ RESERVED
+CVE-2006-4150
+ RESERVED
+CVE-2006-4149
+ RESERVED
+CVE-2006-4148
+ RESERVED
+CVE-2006-4147
+ RESERVED
+CVE-2006-4146
+ RESERVED
+CVE-2006-4145
+ RESERVED
+CVE-2006-4143 (Netgear FVG318 running firmware 1.0.40 allows remote attackers
to ...)
+ TODO: check
+CVE-2006-4142 (SQL injection vulnerability in extra/online.php in Virtual War
(VWar) ...)
+ TODO: check
+CVE-2006-4141 (SQL injection vulnerability in news.php in Virtual War (VWar)
1.5.0 ...)
+ TODO: check
+CVE-2006-4140 (Directory traversal vulnerability in IPCheck Server Monitor
5.3.2.609 ...)
+ TODO: check
+CVE-2006-4139 (Race condition in Sun Solaris 10 allows attackers to cause a
denial of ...)
+ TODO: check
+CVE-2006-4138 (Multiple unspecified vulnerabilities in Microsoft Windows Help
File ...)
+ TODO: check
+CVE-2006-4137 (IBM WebSphere Application Server before 6.1.0.1 allows attackers
to ...)
+ TODO: check
+CVE-2006-4136 (Multiple unspecified vulnerabilities in IBM WebSphere
Application ...)
+ TODO: check
+CVE-2006-4135 (** DISPUTED ** ...)
+ TODO: check
+CVE-2006-4134 (Unspecified vulnerability related to a "design
flaw" in SAP Internet ...)
+ TODO: check
+CVE-2006-4133 (Buffer overflow in SAP Internet Graphics Service (IGS) 6.40 and
...)
+ TODO: check
+CVE-2006-4132 (ArcSoft MMS Composer 1.5.5.6 and possibly earlier, and 2.0.0.13
and ...)
+ TODO: check
+CVE-2006-4131 (Multiple buffer overflows in ArcSoft MMS Composer 1.5.5.6, and
...)
+ TODO: check
+CVE-2006-4130 (PHP remote file inclusion vulnerability in admin.remository.php
in the ...)
+ TODO: check
+CVE-2006-4129 (PHP remote file inclusion vulnerability in
admin.webring.docs.php in ...)
+ TODO: check
+CVE-2006-4128 (Multiple heap-based buffer overflows in Symantec VERITAS Backup
Exec ...)
+ TODO: check
+CVE-2006-4127 (Multiple format string vulnerabilities in DConnect Daemon 0.7.0
and ...)
+ TODO: check
+CVE-2006-4126 (The dc_chat function in cmd.dc.c in DConnect Daemon 0.7.0 and
earlier ...)
+ TODO: check
+CVE-2006-4125 (Stack-based buffer overflow in main.c in DConnect Daemon 0.7.0
and ...)
+ TODO: check
+CVE-2006-4124 (The libXm library in LessTif 0.95.0 and earlier allows local
users to ...)
+ TODO: check
+CVE-2006-4123 (PHP remote file inclusion vulnerability in boitenews4/index.php
in ...)
+ TODO: check
+CVE-2006-4122 (Simple one-file guestbook 1.0 and earlier allows remote
attackers to ...)
+ TODO: check
+CVE-2006-4121 (PHP remote file inclusion vulnerability in owimg.php3 in
See-Commerce ...)
+ TODO: check
+CVE-2006-4120 (Cross-site scripting (XSS) vulnerability in the Recipe module
...)
+ TODO: check
+CVE-2006-4119 (SQL injection vulnerability in gc.php in GeheimChaos 0.5 and
earlier ...)
+ TODO: check
+CVE-2006-4118 (Multiple SQL injection vulnerabilities in GeheimChaos 0.5 and
earlier ...)
+ TODO: check
+CVE-2006-4117 (The squeue_drain function in Sun Solaris 10, possibly only when
run on ...)
+ TODO: check
+CVE-2006-4116 (Multiple stack-based buffer overflows in Lhaz before 1.32 allow
...)
+ TODO: check
+CVE-2006-4115 (PHP remote file inclusion vulnerability in common.inc.php in
PgMarket ...)
+ TODO: check
+CVE-2006-4114 (SQL injection vulnerability in view_com.php in Nicolas Grandjean
...)
+ TODO: check
+CVE-2006-4113 (PHP remote file inclusion vulnerability in genpage-cgi.php in
Brian ...)
+ TODO: check
+CVE-2006-4112 (Unspecified vulnerability in the "dependency resolution
mechanism" in ...)
+ TODO: check
+CVE-2006-4111 (Ruby on Rails before 1.1.5 allows remote attackers to execute
Ruby ...)
+ TODO: check
+CVE-2006-4110 (Apache 2.2.2, when running on Windows, allows remote attackers
to read ...)
+ TODO: check
+CVE-2006-4109 (Cross-site scripting (XSS) vulnerability in Bibliography ...)
+ TODO: check
+CVE-2006-4108 (SQL injection vulnerability in Bibliography (biblio.module) 4.6
before ...)
+ TODO: check
+CVE-2006-4107 (SQL injection vulnerability in the Job Search module
(job.module) 4.6 ...)
+ TODO: check
+CVE-2006-4106 (Cross-site scripting (XSS) vulnerability in blursoft blur6ex 0.3
...)
+ TODO: check
+CVE-2006-4105 (Cross-site scripting (XSS) vulnerability in Fill Threads
Database ...)
+ TODO: check
+CVE-2006-4104 (Cross-site scripting (XSS) vulnerability in admin.cgi in ...)
+ TODO: check
+CVE-2006-4103 (PHP remote file inclusion vulnerability in article-raw.php in
Jason ...)
+ TODO: check
+CVE-2006-4102 (PHP remote file inclusion vulnerability in tpl.inc.php in Falko
Timme ...)
+ TODO: check
+CVE-2006-4101
+ RESERVED
+CVE-2006-4100
+ RESERVED
+CVE-2006-4099
+ RESERVED
+CVE-2006-4098
+ RESERVED
+CVE-2006-4097
+ RESERVED
+CVE-2006-4096
+ RESERVED
+CVE-2006-4095
+ RESERVED
+CVE-2006-4094
+ RESERVED
+CVE-2006-4093
+ RESERVED
+CVE-2006-4092 (Simpliciti Locked Browser does not properly limit a
user''s actions to ...)
+ TODO: check
+CVE-2006-4091 (Multiple cross-site scripting (XSS) vulnerabilities in Archangel
...)
+ TODO: check
+CVE-2006-4090 (Cross-site scripting (XSS) vulnerability in Webligo BlogHoster
2.2 ...)
+ TODO: check
+CVE-2006-4089 (Multiple buffer overflows in Andy Lo-A-Foe AlsaPlayer 0.99.76
and ...)
+ TODO: check
+CVE-2006-4088 (Multiple cross-site scripting (XSS) vulnerabilities in
CivicSpace ...)
+ TODO: check
+CVE-2006-4087 (Cross-site scripting (XSS) vulnerability in admin.cgi in ...)
+ TODO: check
+CVE-2006-4086 (Cross-site scripting (XSS) vulnerability in index.php in Elaine
Aquino ...)
+ TODO: check
+CVE-2006-4085 (PHP remote file inclusion vulnerability in Olaf Noehring The
Search ...)
+ TODO: check
+CVE-2006-4084 (Unspecified vulnerability in phpAutoMembersArea (phpAMA) before
3.2.4 ...)
+ TODO: check
+CVE-2006-4083 (PHP remote file inclusion vulnerability in viewevent.php in
myWebland ...)
+ TODO: check
+CVE-2006-4082 (Barracuda Spam Firewall (BSF), possibly 3.3.03.053, contains a
...)
+ TODO: check
+CVE-2006-4081 (preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001
through ...)
+ TODO: check
+CVE-2006-4080 (DeluxeBB 1.08, and possibly earlier, uses cookies that include
the MD5 ...)
+ TODO: check
+CVE-2006-4079 (Cross-site scripting (XSS) vulnerability in newpost.php in
DeluxeBB ...)
+ TODO: check
+CVE-2006-4078 (pm.php (aka the PM system) in DeluxeBB 1.08, and possibly
earlier, ...)
+ TODO: check
+CVE-2006-4077 (PHP remote file inclusion vulnerability in CheckUpload.php in
Vincenzo ...)
+ TODO: check
+CVE-2006-4076 (Multiple PHP remote file inclusion vulnerabilities in Wim
Fleischhauer ...)
+ TODO: check
+CVE-2006-4075 (Multiple PHP remote file inclusion vulnerabilities in Wim
Fleischhauer ...)
+ TODO: check
+CVE-2006-4074 (PHP remote file inclusion vulnerability in
lib/tpl/default/main.php in ...)
+ TODO: check
+CVE-2006-4073 (Multiple PHP remote file inclusion vulnerabilities in Fabian
Hainz ...)
+ TODO: check
+CVE-2006-4072 (Multiple SQL injection vulnerabilities in Club-Nuke [XP] 2.0
LCID 2048 ...)
+ TODO: check
CVE-2006-XXXX [X PCF Integer Overflow Vulnerability]
- libxfont <unfixed> (medium; bug #383353)
[sarge] - xfree86 <unfixed> (medium)
-CVE-2006-4144 [ImageMagick "ReadSGIImage()" Integer Overflow
Vulnerability]
+CVE-2006-4144 (Integer overflow in the ReadSGIImage function in sgi.c in
ImageMagick ...)
- imagemagick <unfixed> (medium; bug #383314)
- graphicsmagick <unfixed> (medium; bug #383333)
CVE-2006-XXXX [libmusicbrainz buffer overflows]
@@ -98,8 +342,7 @@
CVE-2006-4031 (MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local
user to ...)
- mysql-dfsg-5.0 <unfixed> (bug #382415; low)
- mysql-dfsg <unfixed> (low)
-CVE-2006-4030 [gallery Missing input sanitising in the stats modules allows
information disclosure]
- RESERVED
+CVE-2006-4030 (Unspecified vulnerability in the stats module in Gallery
1.5.1-RC2 and ...)
{DSA-1148-1}
- gallery 1.5.3-1
TODO: check gallery2
@@ -128,8 +371,7 @@
CVE-2006-4020 (scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows
...)
- php5 <unfixed> (medium; bug #382256)
- php4 <unfixed> (medium; bug #382261)
-CVE-2006-4019 [squirrelmail variable overwriting]
- RESERVED
+CVE-2006-4019 (Dynamic variable evaluation vulnerability in compose.php in ...)
- squirrelmail 2:1.4.8-1
CVE-2006-4018 (Heap-based buffer overflow in the pefromupx function in ...)
- clamav 0.88.4-1 (high; bug #382004; bug #382007)
@@ -252,7 +494,7 @@
NOT-FOR-US: Banex PHP MySQL Banner Exchange
CVE-2006-3962 (PHP remote file inclusion vulnerability in ...)
NOT-FOR-US: com_bayesiannaivefilter for mambo
-CVE-2006-3961 (Unspecified vulnerability in McAfee Security Center 6.0.23 for
...)
+CVE-2006-3961 (Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in
McAfee ...)
NOT-FOR-US: McAfee
CVE-2006-3960 (SQL injection vulnerability in top.php in X-Scripts X-Poll,
probably ...)
NOT-FOR-US: X-Scripts X-Poll
@@ -459,20 +701,20 @@
NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3861 (IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00
before ...)
NOT-FOR-US: IBM Informix Dynamic Server
-CVE-2006-3860
- RESERVED
-CVE-2006-3859
- RESERVED
+CVE-2006-3860 (IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00
before ...)
+ TODO: check
+CVE-2006-3859 (IBM Informix Dynamic Server (IDS) allows remote authenticated
users to ...)
+ TODO: check
CVE-2006-3858 (IBM Informix Dynamic Server (IDS) before 9.40.xC8 and 10.00
before ...)
NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3857 (Multiple buffer overflows in IBM Informix Dynamic Server (IDS)
before ...)
NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3856 (IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00
before ...)
NOT-FOR-US: IBM Informix Dynamic Server
-CVE-2006-3855 (Unspecified vulnerability in IBM Informix Dynamic Server (IDS)
allows ...)
+CVE-2006-3855 (The ifx_load_internal function in IBM Informix Dynamic Server
(IDS) ...)
NOT-FOR-US: IBM Informix Dynamic Server
-CVE-2006-3854
- RESERVED
+CVE-2006-3854 (Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC7,
...)
+ TODO: check
CVE-2006-3853 (Buffer overflow in IBM Informix Dynamic Server (IDS) before
9.40.TC7 ...)
NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3852 (Cross-site scripting (XSS) vulnerability in index.php in Micro
...)
@@ -558,10 +800,10 @@
NOT-FOR-US: Loudblog
CVE-2006-3819 (Eval injection vulnerability in the configure script in TWiki
4.0.0 ...)
- twiki <not-affected> (only 4.0.x is affected)
-CVE-2006-3818
- RESERVED
-CVE-2006-3817
- RESERVED
+CVE-2006-3818 (Cross-site scripting (XSS) vulnerability in the login page in
Novell ...)
+ TODO: check
+CVE-2006-3817 (Cross-site scripting (XSS) vulnerability in Novell GroupWise
WebAccess ...)
+ TODO: check
CVE-2006-3816 (Krusader 1.50-beta1 up to 1.70.0 stores passwords for remote
...)
- krusader <not-affected> (bug #380063; file in directory with 0700
permissions)
CVE-2006-3815 (heartbeat.c in heartbeat before 2.0.6 sets insecure permissions
in a ...)
@@ -569,8 +811,8 @@
- heartbeat 1.2.4-13 (bug #379904)
CVE-2006-3814 (Buffer overflow in the Loader_XM::load_instrument_internal
function in ...)
- cheesetracker 0.9.9-6 (bug #380364; low)
-CVE-2006-3813
- RESERVED
+CVE-2006-3813 (A regression error in the Perl package for Red Hat Enterprise
Linux 4 ...)
+ TODO: check
CVE-2006-3812 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and
...)
NOTE: MFSA-2006-56
- mozilla <unfixed> (medium)
@@ -769,7 +1011,7 @@
NOT-FOR-US: Sitemap component (com_sitemap) for Mambo
CVE-2006-3748 (PHP remote file inclusion vulnerability in ...)
NOT-FOR-US: LoudMouth Component for Mambo
-CVE-2006-3747 (Off-by-one error in the the ldap scheme handling in the Rewrite
module ...)
+CVE-2006-3747 (Off-by-one error in the ldap scheme handling in the Rewrite
module ...)
{DSA-1132-1 DSA-1131-1}
- apache 1.3.34-3 (medium; bug #380231)
- apache2 2.0.55-4.1 (medium; bug #380182)
@@ -1627,7 +1869,7 @@
NOTE: firefox, but invalid
CVE-2006-3351 (Buffer overflow in Windows Explorer (explorer.exe) on Windows XP
and ...)
NOT-FOR-US: Windows Explorer
-CVE-2006-3695 [trac: reStructuredText breach of privacy and denial of service]
+CVE-2006-3695 (Unspecified vulnerability in Trac before 0.9.6 allows remote
attackers ...)
- trac 0.9.6-1 (medium)
NOTE:
http://trac.edgewall.org/changeset?old_path=tags%2Ftrac-0.9.5&old=3202&new_path=tags%2Ftrac-0.9.6&new=3622
NOTE: but the patch requires a newer (>= 0.3.9) version of docutils than is
present in sarge?
@@ -2112,8 +2354,7 @@
- cfs 1.4.1-17
CVE-2006-3122 (The supersede_lease function in memory.c in ISC DHCP server
2.0pl5 ...)
{DSA-1143-1}
-CVE-2006-3121 [heartbeat insufficient bounds checking]
- RESERVED
+CVE-2006-3121 (The heartbeat subsystem in High-Availability Linux before 1.2.5
and ...)
{DSA-1151-1}
- heartbeat-2 2.0.6-2
- heartbeat 1.2.4-14
@@ -2193,7 +2434,7 @@
NOT-FOR-US: Car Classifieds
CVE-2006-3087 (Multiple cross-site scripting (XSS) vulnerabilities in EZGallery
1.5 ...)
NOT-FOR-US: EZGallery
-CVE-2006-3086 (Buffer overflow in Microsoft Hyperlink Object Library
(hlink.dll) ...)
+CVE-2006-3086 (Stack-based buffer overflow in the
HrShellOpenWithMonikerDisplayName ...)
NOT-FOR-US: Microsoft
CVE-2006-3084 (The (1) ftpd and (2) ksu programs in MIT Kerberos 5 (krb5) up to
1.5, ...)
{DSA-1146-1}
@@ -3700,8 +3941,8 @@
CVE-2006-2447 (SpamAssassin before 3.1.3, when running with vpopmail and the
paranoid ...)
{DSA-1090-1}
- spamassassin 3.1.3-1 (medium)
-CVE-2006-2446
- RESERVED
+CVE-2006-2446 (Race condition between the kfree_skb and __skb_unlink functions
in the ...)
+ TODO: check
CVE-2006-2445 (Race condition in run_posix_cpu_timers in Linux kernel before
...)
- linux-2.6 2.6.16-15
CVE-2006-2444 (The snmp_trap_decode function in the SNMP NAT helper for Linux
kernel ...)
@@ -6847,8 +7088,7 @@
RESERVED
CVE-2006-1169
RESERVED
-CVE-2006-1168 [ncompress -- buffer underflow]
- RESERVED
+CVE-2006-1168 (The decompress function in compress42.c in (1) ncompress 4.2.4
and (2) ...)
{DSA-1149-1}
- ncompress 4.2.4-15sarge2
CVE-2006-1167
@@ -10539,7 +10779,7 @@
NOT-FOR-US: EncapsGallery
CVE-2005-4233 (SQL injection vulnerability in advertiser_statistic.php in Ad
Manager ...)
NOT-FOR-US: Ad Manager Pro
-CVE-2005-4232 (SQL injection vulnerability in index.php in Jamit Job Board
2.4.1 and ...)
+CVE-2005-4232 (** DISPUTED ** ...)
NOT-FOR-US: Jamit Job Board
CVE-2005-4231 (Cross-site scripting (XSS) vulnerability in Link Up Gold 2.5 and
...)
NOT-FOR-US: Link Up Gold
@@ -22076,7 +22316,7 @@
NOT-FOR-US: phpCoin
CVE-2005-0945 (Cross-site scripting (XSS) vulnerability in ACS Blog 1.1.1
allows ...)
NOT-FOR-US: ACS Blog
-CVE-2005-0944 (Unknown vulnerability in Microsoft Jet DB engine (msjet40.dll),
...)
+CVE-2005-0944 (Unknown vulnerability in Microsoft Jet DB engine (msjet40.dll)
...)
NOT-FOR-US: Microsoft
CVE-2005-0943 (Cisco VPN 3000 series Concentrator running firmware 4.1.7.A and
...)
NOT-FOR-US: Cisco Hardware issue
@@ -28028,7 +28268,7 @@
NOT-FOR-US: 602LAN SUITE
CVE-2004-0335 (LAN SUITE Web Mail 602Pro, when configured to use the
"Directory ...)
NOT-FOR-US: 602LAN SUITE
-CVE-2004-0334 (AXIS 2100 Network Camera allows remote attackers to bypass Basic
...)
+CVE-2004-0334 (InnoMedia VideoPhone allows remote attackers to bypass Basic
...)
NOT-FOR-US: AXIS 2100
CVE-2004-0333 (Buffer overflow in the UUDeview package, as used in WinZip 6.2
through ...)
- uudeview 0.5.20 (medium)